Right now I have a website with Facebook auth. I also have JWT working… meaning that I can generate and read valid tokens based on my users after they do a Facebook login.
Next, I am creating some hybrid apps on android/ios. They need to:
Handle the Facebook login with my Facebook app, then generate a JWT token that my website backend can use, and finally connect to my backend’s api and fetch data.
Now I’m trying to understand since I already have half of this working, but Auth0 has a Nativescript implementation that would save me time and trouble… should I bother with Auth0? And will it actually make it easy to accomplish the flow I am describing above?
Update
To tell the truth, I took a closer look at the pricing scheme and that, if I’m reading it right, has made the decision for me! I read somewhere the prices were reasonable but they don’t appear to be reasonable at all!
I thought… if we get 7000 users for free… then you probably charge a bit of money for anything above that… maybe starting at 10000 users? But no… if you want more than 7000 users… am I reading this right? If you want 10000 it’s 200$ per month?? And then 380 for 20k? lmao… well this sounds like it’s for the businesses that have lots of cash to throw around. It’s not for small start-ups that have a technical person on board capable of achieving the same thing using open source solutions. I’ll stick to my custom implementation… because basically, I don’t have a choice! The pricing scheme made sure of that.
From a functional perspective Auth0 covers the Facebook authentication (among other social providers) and also the issuance of access tokens (JWT’s) that can be consumed by your own API’s.
It would also likely force you to have your implementation more aligned with current authentication and authorization standards (OpenID Connect and OAuth2). This would be positive from a security perspective as those specification went through security reviews made by different parties and they are also battle-tested. A custom implementation on the other hand may work, but it’s easy to overlook important details. This means that going with Auth0 and with standards may even be more complex than a custom implementation, but it’s more likely to lead to a more secure implementation.
In conclusion, you’ll need to review the pros and the cons and decide for yourself. I would also check the Auth0 support matrix as you mention Nativescript and I don’t believe that’s supported directly by Auth0.
Thanks for answering so quickly! (updated the question with more information)
Thanks for answering so quickly! (updated the question with more information)
The reason for the somewhat unexpected pricing is that you can’t compare just the number of users. The available features in the paid subscription are not the same as in the free one so the price also takes that in consideration. You could argue that you could be interested in a paid subscription that offers the same level of features as free with just the possibility of increasing active users, but at this time that is something that is not available.